BOVO Digital

Automate Your Release Checklist with n8n and GitHub Actions (2026 Guide)

The Claude Code leak could have been prevented with a simple automation. Here's how to build a secure release pipeline that scans your bundles, detects sensitive files and blocks dangerous publications — with n8n and GitHub Actions.

William Aklamavo

March 31, 2026

The Claude Code source code leak (March 31, 2026) had a simple cause: a forgotten .map file in the production bundle. A basic automation would have caught it.

Here's how to build that system.

The Problem with Manual Releases

Every team has a release checklist. Most of the time, it lives in the lead developer's head, or in a Notion doc nobody reads.

Result: oversights happen at the worst moment — just before pushing to production.

Pipeline Architecture

Code push → GitHub Actions → Security Scan → Build → Bundle Validation → Publish
                                    ↓                        ↓
                              Slack alert            Blocked if .map detected

1. GitHub Action: Pre-publish Scan

Create .github/workflows/pre-publish-check.yml:

name: Pre-publish Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Install dependencies
        run: npm ci
      
      - name: Build
        run: npm run build
      
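      - name: Scan for source maps in dist
        run: |
          # Fail closed: if dist/ is missing, find errors out and the check below would pass
          if [ ! -d dist ]; then
            echo "❌ dist/ not found: nothing to scan, publish blocked"
            exit 1
          fi
          if find dist -name "*.map" | grep -q .; then
            echo "❌ Source maps found in dist/ — publish blocked"
            find dist -name "*.map"
            exit 1
          fi
          echo "✅ No .map files in production bundle"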
      
      - name: Scan for sensitive files
        run: |
          # Name patterns for find; ".env*" also catches .env.production and similar
          PATTERNS=(".env*" "*.key" "*.pem" "secrets" "credentials")
          for pattern in "${PATTERNS[@]}"; do
            if find dist -name "$pattern" | grep -q .; then
              echo "❌ Sensitive file detected: $pattern"
              exit 1
            fi
          done
          echo "✅ No sensitive files detected"
      
      - name: Check bundle size
        run: |
          SIZE=$(du -sh dist | cut -f1)
          echo "📦 Bundle size: $SIZE"
          # Size in whole megabytes for the numeric comparison
          SIZE_MB=$(du -sm dist | cut -f1)
          if [ "$SIZE_MB" -gt 50 ]; then
            echo "⚠️ Abnormally large bundle: ${SIZE_MB} MB — manual review required"
            exit 1
          fi

2. n8n Hook: Failure Notification

When the GitHub Action fails, you want an immediate alert — not an email lost in your inbox.

n8n workflow github-action-failure-alert:

GitHub Webhook (workflow_run failed)
  → Extract data (repo, branch, error message)
  → Slack notification #alerts-devops
  → Create Notion ticket "Action required"
  → Email to tech lead

3. .npmignore: Last Line of Defense

# .npmignore
**/*.map
**/*.map.js
.env*
*.key
*.pem
test/
tests/
__tests__/
*.test.ts
*.spec.ts
.github/
scripts/
docs/
CHANGELOG.md

4. Pre-publish Hook in package.json

{
  "scripts": {
    "prepublishOnly": "npm run build && npm run security-check",
    "security-check": "node scripts/check-bundle.js"
  }
}

Result

With this pipeline:

  • Every push is automatically scanned
  • Source maps in production are detected and block publication
  • The team is alerted instantly via Slack
  • The bundle is audited on every release

All in ~2 hours of setup. This is the type of automation that costs little to implement and prevents disasters like Anthropic's.

